<?php

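/**
 * Cookie-based login helper: checks credentials against the database, sets or
 * clears the "ypu" cookie, and reports the outcome by echoing a short string.
 *
 * NOTE(review): the "ypu" cookie carries the plain user id and is the only
 * login state this class keeps. A cookie is client-controlled, so
 * isUserLoggedIn() and getUserId() prove only that some value was sent, not
 * that userLogin() ever succeeded for it. Move the login state to a
 * server-side session (or a signed, expiring token) and send the cookie with
 * the HttpOnly and Secure attributes.
 *
 * NOTE(review): passwords are compared with MySQL's OLD_PASSWORD(), the
 * pre-4.1 hash, which is weak and was removed in MySQL 5.7.5. Migrating to
 * password_hash()/password_verify() needs a schema change and is not done here.
 */
class security{
	/** @var db_functions database wrapper created by the constructor */
	public $db;
	/** @var string table updated with last-login data in userLogin() */
	public $user_tbl = "users";
	/** @var mixed declared but not used by any method of this class */
	public $_userid;

	/**
	 * Loads the database wrapper and stores an instance in $this->db.
	 *
	 * Declared before security() so that PHP 5 does not report a redefined
	 * constructor, and so that PHP 8 (which no longer treats a method named
	 * after the class as the constructor) still initialises the object.
	 */
	function __construct(){
		require_once("db_functions.php");
		$this->db = new db_functions();
	}

	/**
	 * Legacy PHP 4-style constructor name, kept for code that calls it
	 * explicitly (for example parent::security() in a subclass).
	 */
	function security(){
		$this->__construct();
	}

	/**
	 * Reports whether the request carries a non-empty "ypu" cookie.
	 *
	 * @return bool true when the cookie is present and truthy; this is not
	 *              proof of authentication, see the class-level note
	 */
	function isUserLoggedIn(){
		// empty() avoids the undefined-index warning when the cookie is absent
		// and keeps the original truthiness test ("" and "0" count as absent).
		return !empty($_COOKIE['ypu']);
	}

	/**
	 * Checks the credentials, sets the "ypu" cookie and records the login.
	 *
	 * Echoes "/" on success, "err=Greška DB" when the last-login UPDATE fails,
	 * and "?err=Pogrešan login&obj=username" when the credentials are rejected.
	 *
	 * @param string $uname user name as submitted by the client
	 * @param string $pass  password as submitted by the client
	 * @return void
	 */
	function userLogin($uname,$pass){
		// Both values come from the client and used to be concatenated into the
		// query unescaped; they are now turned into quoted SQL literals first.
		$uname_sql = $this->_sqlQuote($uname);
		$pass_sql = $this->_sqlQuote($pass);
		if($uname_sql === false || $pass_sql === false){
			// Same answer as for wrong credentials, so malformed input gets
			// no distinguishable response.
			echo "?err=Pogrešan login&obj=username";
			return;
		}

		$db = new db_functions("cp1250");

		// Only accounts linked to an active worker row (radnik_akt=1) match.
		$sql = "SELECT id FROM users, radnici "
			  ."WHERE users.radnik_id=radnici.radnik_id "
			  ."AND radnici.radnik_akt=1 "
			  ."AND username=".$uname_sql." "
			  ."AND password=OLD_PASSWORD(".$pass_sql.")";

		$user_id = $db->getOne($sql);
		if($user_id){
			// No expiry is passed, so this is a browser-session cookie.
			setcookie("ypu",$user_id);

			$ip_sql = $this->_sqlQuote(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
			if($ip_sql === false){
				$ip_sql = "''";
			}
			// The id is cast to int so the unquoted WHERE operand can only be
			// a number (assumes users.id is an integer key — confirm).
			$q = "UPDATE ".$this->user_tbl." SET last_login=".time().", last_login_ip=".$ip_sql." WHERE id=".(int)$user_id;
			if(!$db->alterTable($q)){
				echo "err=Greška DB";
			}else{
				echo "/";
			}
		}else{
			echo "?err=Pogrešan login&obj=username";
		}
	}

	/**
	 * Expires the "ypu" cookie when the request carries one, then echoes "/".
	 *
	 * @return void
	 */
	function logout(){
		if (isset($_COOKIE['ypu'])){
			// An expiry 100 days in the past makes the browser drop the cookie.
			setcookie ("ypu", "", time()-60*60*24*100);
		}
		echo "/";
	}

	/**
	 * Returns the raw value of the "ypu" cookie.
	 *
	 * @return mixed the cookie value as sent by the client, or null when it is
	 *               absent; validate it before using it as a user id
	 */
	function getUserId(){
		return isset($_COOKIE["ypu"]) ? $_COOKIE["ypu"] : null;
	}

	/**
	 * Turns a value into a single-quoted SQL string literal.
	 *
	 * Backslashes and single quotes are doubled, which keeps the value inside
	 * the literal whether or not the server treats backslash as an escape
	 * character. The replacement works on bytes, so it is sound only for
	 * single-byte connection charsets such as the "cp1250" requested in
	 * userLogin(). This is a stop-gap: the durable fix is bound parameters in
	 * db_functions, whose API is not visible from this file.
	 *
	 * @param mixed $value value to embed in a query
	 * @return string|false the quoted literal, or false for non-scalar input
	 *                      or input containing a NUL byte
	 */
	private function _sqlQuote($value){
		if(!is_scalar($value)){
			return false;
		}
		$value = (string)$value;
		if(strpos($value, "\0") !== false){
			return false;
		}
		return "'".str_replace(array("\\", "'"), array("\\\\", "''"), $value)."'";
	}
}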

?>